I encountered some weird behaviour on a client’s computer. Upload failed for some reason at some point. In the client logs I discovered some ‘file not found’ errors, which turned out to have been deleted by a virus scanner before.
The virus signature was from a very old MS Word exploit (CVE-2006-2492).
For one thing, from what I researched, this is no longer dangerous, as the bug has long been closed. The Antivir software does not detect anything in any Word file itself. So I got curious about what happens there.
- Is it possible that the blocks were created in a pattern that matches this virus sig without actually being hazardous?
- Is there a way to trace back the blocks to the file they originate from to inspect that deeper?